The Remote Hacking of Android Phones Is Possible By GLitch

Must Read

Skeletons in the Closet? Google-Facebook Involved in Secret Online Advertising Deal

If you can’t beat ‘em, join ‘em. And when two titans happen to decide upon an alliance,...

Smartphone Resale Value: Depreciation Is Surprising Enough [REPORT]

It's a tad cliché and true that smartphones have permeated every sphere of our life. The ceaseless...

“Open Up Cambridge Analytica, It’s CBI At the Door!”

Among all the establishments ensnared in deplorable acts, Cambridge Analytica has steadily climbed the ladder of infamy....

Android’s vulnerability is not something unfathomable. Despite, security researchers have finally discovered an effective way to hijack an Android phone remotely through a nearly four-year-old hacking technique known as ‘Rowhammer’. On Thursday, researchers from Vusec research group published a paper that unveils how the Rowhammer exploit, dubbed as GLitch, leverages embedded GPUs to remotely execute malicious code in Android phones.

GLitch is the very first example of remote Rowhammer exploit on ARM Android devices. The Rowhammer technique involves inducing electric leaks in memory (DRAM) which results in the flipping of individual bits in adjacent memory rows and thereby leaking content from them. This will make it easy for the attacker to remotely hack the smartphone without relying on a software tweak.

The technique gives the hacker more flexibility over previous methods that relied on CPUs. GLitch is the first Rowhammer attack that is based on Javascript, meaning it can be executed when a user does nothing more than visiting a malicious site.

Advertisements

GLitch gets its name as it uses WebGL programming interface for rendering graphics to trigger a known glitch in DDR3 and DDR4 memory chips, the reason behind the peculiar capitalization. The term Rowhammer was coined after hackers repeatedly accessed – or ‘hammered’ – specific rows of the memory chip and altered its data by changing ‘zeros’ to ‘one’, and vice-versa. This intended bit-flip gave them control of the system.

The researchers have shown their proof of concept attack that how GLitch loads a malicious javascript in the browser and remotely hacks the victim’s phone. And all this in less than 2 minutes. Though it can only run the malicious code within the privileges of the browser, meaning it can spy on user’s browsing habits or steal his credentials, but can’t gain deeper access to user’s Android phone. Currently, GLitch targets only the Firefox browser and smartphones running on Snapdragon 800 and 801 SoC. Although the exploit isn’t mature enough to have an immediate adverse effect on most end users, it works on Android phones like LG Nexus 5, HTC One M8 or LG G2.

Additionally, the researchers have said,” If you’re wondering if we can trigger bit flips on Chrome the answer is yes, we can. As a matter of fact, most of our research was carried out on Chrome. We then switched to Firefox for the exploit just because we had prior knowledge of the platform and found more documentation.

That being said, Google replied that the attack isn’t a practical threat to the vast majority of users. Also, the search engine giant mitigated this remote vector in Chrome on March 13 and its team is working to implement protection on other browsers. Mozilla is also updating Firefox to prevent Rowhammer attacks. Furthermore, the recent DDR4 smartphone memories offer a safeguard that prevents electric leakage from changing their values.

LEAVE A REPLY

Please enter your comment!
Please enter your name here
Advertisements

Latest News

Why Is Retargeting Touted As A Secret Weapon For Success By Online Marketers

You know that ads play an important role in driving people to your website if you run...

Happy B’day Chad Hurley: The Co-Founder Of The World’s Largest Video Library

Chad Hurley never cared about success, he mended his ideas and tried to garner the fruits from those. But not every time...

Encouraged By Record Profit of RIL, Ambani Wants To Accelerate 5G Arrival in India

Brace yourselves for the sooner-than-anticipated arrival of  Reliance Jio 5G services because the 63-year-old billionaire tycoon Ambani recently pledged to the speedy launch...

How Mobile Is Becoming A Catalyst Of Online Gambling Market Growth

The global online gambling market is now one of the biggest and it is expected to grow up to 127.3 billion US...

“Open Up Cambridge Analytica, It’s CBI At the Door!”

Among all the establishments ensnared in deplorable acts, Cambridge Analytica has steadily climbed the ladder of infamy. The roots of its malice...

Smartphone Resale Value: Depreciation Is Surprising Enough [REPORT]

It's a tad cliché and true that smartphones have permeated every sphere of our life. The ceaseless tech breakthroughs have led to...

In-Depth: Dprime

Will ‘TikTok By Microsoft’ Be A Winner?

For the last two years, TikTok has been in the public eye for all sorts of reasons. First, it was the exploded...

Facebook Subscription Model: Looking Beyond Ad Dollars?

Seldom do job listings create a stir this gripping. However, when the job listing in question is a stealth post from Twitter,...

Will The Online Food Delivery Market in India End Up Becoming A Two-Horse Race?

It's pretty much evident that the food delivery space in India is all set to get riled up soon enough as one...

More Articles Like This